Title: Exploiting Missing Integrity Protection in LTE Networks
Abstract: First, we provide insights into the aLTEr attack, which exploits a specification flaw: user-plane data is not integrity protected. User data in LTE is encrypted in counter mode (AES-CTR) but not integrity protected, which allows an attacker to modify the message payload. As a proof of concept, we demonstrate how an active attacker can redirect DNS requests to perform a DNS spoofing attack. As a result, the user is redirected to a malicious website, where the attacker can steal, e.g., the user's credentials.
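As an added illustration (not part of the talk or the authors' work) of why the missing integrity protection matters: AES-CTR is a stream cipher, so XORing a mask into the ciphertext XORs the same mask into the decrypted plaintext, and only an integrity tag makes that visible. The keys, IV and payload are constructed demo values; the encrypt-then-MAC tag shown is a generic mitigation, not the LTE mechanism.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha256"
	"fmt"
)

// ctrXor applies AES-CTR under key/iv; CTR XORs a keystream with the data,
// so the same call both encrypts and decrypts.
func ctrXor(key, iv, data []byte) []byte {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	out := make([]byte, len(data))
	cipher.NewCTR(block, iv).XORKeyStream(out, data)
	return out
}

// tamper XORs mask into a copy of ct at offset. The keystream XOR commutes
// with it, so the receiver decrypts plaintext^mask there, without any key.
func tamper(ct []byte, offset int, mask []byte) []byte {
	mod := append([]byte(nil), ct...)
	for i, m := range mask {
		mod[offset+i] ^= m
	}
	return mod
}

// authTag is an encrypt-then-MAC tag over iv||ct (HMAC-SHA256): the integrity
// protection the LTE user plane lacks. verifyTag checks it in constant time.
func authTag(macKey, iv, ct []byte) []byte {
	h := hmac.New(sha256.New, macKey)
	h.Write(iv)
	h.Write(ct)
	return h.Sum(nil)
}
func verifyTag(macKey, iv, ct, tag []byte) bool {
	return hmac.Equal(authTag(macKey, iv, ct), tag)
}

func main() { // constructed demo keys, IV and payload; not real LTE material
	key, macKey, iv := []byte("0123456789abcdef"), []byte("fedcba9876543210"), []byte("constructed-iv16")
	ct := ctrXor(key, iv, []byte("dst=10.0.0.1"))
	mod := tamper(ct, len(ct)-1, []byte{'1' ^ '9'}) // flips the last digit to 9
	fmt.Printf("tampered decrypts to %q; tag valid: %v\n", ctrXor(key, iv, mod), verifyTag(macKey, iv, mod, authTag(macKey, iv, ct)))
}
```

Without the tag the receiver decrypts the altered field as if it were genuine; with the tag the modified packet is rejected.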
The second part covers missing integrity protection of control-plane data caused by an incorrect network configuration. Deployed LTE networks select the security algorithm to apply from a set of supported algorithms.
By actively testing the selection procedure in 12 commercial networks in five countries, we identify a total of four networks with insecure configurations. The implications of this misconfiguration are severe, as it allows a worldwide user impersonation attack. Following a successful impersonation attack, the adversary can commit fraud using the victim's identity.
Bio: David Rupprecht received his B.Eng. in Computer Science and Telecommunications from the University of Applied Sciences for Telecommunications Leipzig, Germany, in 2012. He continued his studies with a focus on IT Security, Networks, and Systems and received his master's degree in 2015 from the Ruhr-University Bochum, Germany. Since 2015, David Rupprecht has been a doctoral student at the Information Security Group of the Horst Görtz Institute for IT Security, Bochum. His research interests include mobile network security with a focus on access networks. His work explores implementation as well as specification flaws in current and future mobile networks. In his daily work, he makes use of software-defined radios for the implementation of attacks and countermeasures.